CVEDB API - Fast Vulnerability Dashboard

Vulnerabilities

Vulnerable Software

Sun: >> Java System Communications Express >> 2004q2 Security Vulnerabilities

CVE-2010-1227

Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.

CVSS Score

4.3

EPSS Score

0.002

Published

2010-04-01

CVE-2009-0877

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.

CVSS Score

4.3

EPSS Score

0.002

Published

2009-03-12

CVE-2005-3472

Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.

CVSS Score

5.0

EPSS Score

0.006

Published

2005-11-03

Page 1

Products

Pricing

Contact Us

support@shodan.io

Shodan ® - All rights reserved